FAT-fs (loop1): Directory bread(block 68) failed FAT-fs (loop1): Directory bread(block 69) failed FAT-fs (loop1): Directory bread(block 70) failed FAT-fs (loop1): Directory bread(block 71) failed ================================ WARNING: inconsistent lock state 4.14.306-syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. FAT-fs (loop1): Directory bread(block 72) failed modprobe/9525 [HC0[0]:SC1[1]:HE1:SE0] takes: FAT-fs (loop1): Directory bread(block 73) failed (&(&local->client_conns_lock)->rlock){+.?.}, at: [] spin_lock include/linux/spinlock.h:317 [inline] (&(&local->client_conns_lock)->rlock){+.?.}, at: [] rxrpc_put_one_client_conn net/rxrpc/conn_client.c:905 [inline] (&(&local->client_conns_lock)->rlock){+.?.}, at: [] rxrpc_put_client_conn+0x661/0xac0 net/rxrpc/conn_client.c:957 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152 spin_lock include/linux/spinlock.h:317 [inline] rxrpc_get_client_conn net/rxrpc/conn_client.c:306 [inline] rxrpc_connect_call+0x2bb/0x3e10 net/rxrpc/conn_client.c:692 rxrpc_new_client_call+0x8f4/0x1a10 net/rxrpc/call_object.c:276 rxrpc_new_client_call_for_sendmsg net/rxrpc/sendmsg.c:531 [inline] rxrpc_do_sendmsg+0x8dc/0xfb0 net/rxrpc/sendmsg.c:583 rxrpc_sendmsg+0x3cf/0x5f0 net/rxrpc/af_rxrpc.c:543 sock_sendmsg_nosec net/socket.c:646 [inline] sock_sendmsg+0xb5/0x100 net/socket.c:656 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062 __sys_sendmsg+0xa3/0x120 net/socket.c:2096 SYSC_sendmsg net/socket.c:2107 [inline] SyS_sendmsg+0x27/0x40 net/socket.c:2103 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 irq event stamp: 4564 hardirqs last enabled at (4564): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (4564): [] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192 hardirqs last disabled at (4563): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (4563): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160 softirqs last enabled at (0): [] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734 softirqs last disabled at (4503): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (4503): [] irq_exit+0x193/0x240 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&local->client_conns_lock)->rlock); lock(&(&local->client_conns_lock)->rlock); *** DEADLOCK *** 2 locks held by modprobe/9525: #0: (rcu_read_lock){....}, at: [] is_bpf_text_address+0x0/0x150 kernel/bpf/core.c:489 #1: (rcu_callback){....}, at: [] __rcu_reclaim kernel/rcu/rcu.h:185 [inline] #1: (rcu_callback){....}, at: [] rcu_do_batch kernel/rcu/tree.c:2699 [inline] #1: (rcu_callback){....}, at: [] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline] #1: (rcu_callback){....}, at: [] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline] #1: (rcu_callback){....}, at: [] rcu_process_callbacks+0x84e/0x1180 kernel/rcu/tree.c:2946 stack backtrace: CPU: 0 PID: 9525 Comm: modprobe Not tainted 4.14.306-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2589 valid_state kernel/locking/lockdep.c:2602 [inline] mark_lock_irq kernel/locking/lockdep.c:2796 [inline] mark_lock+0xb4d/0x1050 kernel/locking/lockdep.c:3194 mark_irqflags kernel/locking/lockdep.c:3072 [inline] __lock_acquire+0xc81/0x3f20 kernel/locking/lockdep.c:3448 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:152 spin_lock include/linux/spinlock.h:317 [inline] rxrpc_put_one_client_conn net/rxrpc/conn_client.c:905 [inline] rxrpc_put_client_conn+0x661/0xac0 net/rxrpc/conn_client.c:957 rxrpc_put_connection net/rxrpc/ar-internal.h:862 [inline] rxrpc_rcu_destroy_call+0x83/0x190 net/rxrpc/call_object.c:653 __rcu_reclaim kernel/rcu/rcu.h:195 [inline] rcu_do_batch kernel/rcu/tree.c:2699 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline] rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946 __do_softirq+0x24d/0x9ff kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x193/0x240 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:638 [inline] smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline] RIP: 0010:lock_acquire+0x1ec/0x3f0 kernel/locking/lockdep.c:4001 RSP: 0018:ffff8880570e7a68 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 RAX: 1ffffffff11e13d9 RBX: ffff8880967d6240 RCX: 7e6b4e21b4366083 RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000282 RBP: ffffffff88f78d40 R08: 0000000000000000 R09: 0000000000020011 R10: ffff8880967d6ac8 R11: ffff8880967d6240 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000 rcu_lock_acquire include/linux/rcupdate.h:242 [inline] rcu_read_lock include/linux/rcupdate.h:629 [inline] is_bpf_text_address+0x35/0x150 kernel/bpf/core.c:502 kernel_text_address kernel/extable.c:150 [inline] kernel_text_address+0xbd/0xf0 kernel/extable.c:120 __kernel_text_address+0x9/0x30 kernel/extable.c:105 unwind_get_return_address arch/x86/kernel/unwind_orc.c:252 [inline] unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:247 __save_stack_trace+0xa0/0x160 arch/x86/kernel/stacktrace.c:45 save_stack mm/kasan/kasan.c:447 [inline] set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551 kmem_cache_alloc+0x124/0x3c0 mm/slab.c:3552 prepare_creds+0x39/0x490 kernel/cred.c:255 SYSC_faccessat fs/open.c:365 [inline] SyS_faccessat+0x7b/0x680 fs/open.c:353 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fd211ceb217 RSP: 002b:00007fffe7f98a68 EFLAGS: 00000206 ORIG_RAX: 0000000000000015 RAX: ffffffffffffffda RBX: 00005584febfdc81 RCX: 00007fd211ceb217 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fd211cef4e7 RBP: 00007fffe7f98ad0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000010 R11: 0000000000000206 R12: 00007fd211ef2628 R13: 00000000000027b2 R14: 0000000000002dda R15: 0000000000000000 REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal REISERFS (device loop1): using ordered data mode reiserfs: using flush barriers attempt to access beyond end of device REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 attempt to access beyond end of device REISERFS (device loop1): checking transaction log (loop1) loop2: rw=0, want=201326594, limit=1024 Buffer I/O error on dev loop2, logical block 100663296, async page read loop5: rw=0, want=201326594, limit=1024 hfsplus: unable to mark blocks free: error -5 Buffer I/O error on dev loop5, logical block 100663296, async page read hfsplus: can't free extent hfsplus: unable to mark blocks free: error -5 REISERFS (device loop1): Using r5 hash to sort names hfsplus: can't free extent REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. attempt to access beyond end of device loop2: rw=0, want=201326594, limit=1024 Buffer I/O error on dev loop2, logical block 100663296, async page read hfsplus: unable to mark blocks free: error -5 hfsplus: can't free extent attempt to access beyond end of device loop5: rw=0, want=201326594, limit=1024 Buffer I/O error on dev loop5, logical block 100663296, async page read hfsplus: unable to mark blocks free: error -5 hfsplus: can't free extent REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal REISERFS (device loop1): using ordered data mode reiserfs: using flush barriers REISERFS (device loop3): using ordered data mode REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 reiserfs: using flush barriers REISERFS (device loop1): checking transaction log (loop1) REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 SQUASHFS error: zlib decompression failed, data probably corrupt attempt to access beyond end of device REISERFS (device loop3): checking transaction log (loop3) loop2: rw=0, want=201326594, limit=1024 SQUASHFS error: squashfs_read_data failed to read block 0x6ec Buffer I/O error on dev loop2, logical block 100663296, async page read SQUASHFS error: Unable to read metadata cache entry [6ec] hfsplus: unable to mark blocks free: error -5 SQUASHFS error: Unable to read inode 0x127 hfsplus: can't free extent REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop1): Using r5 hash to sort names REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop4): Using r5 hash to sort names REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. SQUASHFS error: zlib decompression failed, data probably corrupt SQUASHFS error: squashfs_read_data failed to read block 0x6ec SQUASHFS error: Unable to read metadata cache entry [6ec] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal SQUASHFS error: Unable to read inode 0x127 REISERFS (device loop3): using ordered data mode reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal REISERFS (device loop3): checking transaction log (loop3) REISERFS (device loop1): using ordered data mode reiserfs: using flush barriers REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop1): checking transaction log (loop1) REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal REISERFS (device loop4): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop4): Using r5 hash to sort names REISERFS (device loop1): Using r5 hash to sort names REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. SQUASHFS error: zlib decompression failed, data probably corrupt SQUASHFS error: squashfs_read_data failed to read block 0x6ec SQUASHFS error: Unable to read metadata cache entry [6ec] SQUASHFS error: Unable to read inode 0x127 REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal REISERFS (device loop3): using ordered data mode REISERFS (device loop1): using ordered data mode reiserfs: using flush barriers REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal reiserfs: using flush barriers REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 SQUASHFS error: zlib decompression failed, data probably corrupt REISERFS (device loop4): using ordered data mode SQUASHFS error: squashfs_read_data failed to read block 0x6ec REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 reiserfs: using flush barriers REISERFS (device loop3): checking transaction log (loop3) SQUASHFS error: Unable to read metadata cache entry [6ec] REISERFS (device loop1): checking transaction log (loop1) SQUASHFS error: Unable to read inode 0x127 REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 REISERFS (device loop4): checking transaction log (loop4) REISERFS (device loop3): Using r5 hash to sort names REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop1): Using r5 hash to sort names REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. REISERFS (device loop4): Using r5 hash to sort names REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. tmpfs: Bad value 'bind=static' for mount option 'mpol' tmpfs: Bad value 'bind=static' for mount option 'mpol' netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. tmpfs: Bad value 'bind=static' for mount option 'mpol' netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. tmpfs: Bad value 'bind=static' for mount option 'mpol' netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'.